#!/usr/bin/env perl
use warnings;
use strict;

use CGI;
use Digest::SHA qw(sha1_hex);
use URI::Escape qw(uri_escape);

# change /path/to/includes to match your setup
BEGIN { use constant INCLUDES => '/path/to/includes'; }
BEGIN { require(INCLUDES . '/functions.pl'); }
BEGIN { require(INCLUDES . '/images.pl'); }

my $ua = USERAGENT;
my $site = LBW_IMG_DIR;
my $upload = LBW_UPLOAD;
my $curl = CURL;

# fetch cgi parameters
my $cgi = CGI->new;

my ($user_hash, $file, $filename, $name, $hash);
my $nws = 0;

$user_hash = $cgi->param('user') if (defined($cgi->param('user')));
$file = $cgi->param('file') if (defined($cgi->param('file')));
$filename = $cgi->param('filename') if (defined($cgi->param('filename')));
$name = $cgi->param('name') if (defined($cgi->param('name')));
$hash = $cgi->param('hash') if (defined($cgi->param('hash')));
$nws = 1 if (defined($cgi->param('nws')));

if (not (defined($file) and defined($hash))) {
   error BAD_CGI;
}

# verify credentials
if (not defined($user_hash) or sha1_hex($user_hash . SEED) ne $hash) {
   error ACCESS_DENIED;
}

# sanitize the filename
$filename = $file if ($filename eq '');
$filename = sanitize_filename($filename);

error BAD_FILE unless ($filename =~ /\.(jpg|png|gif)$/);
error BAD_FILE unless (length($filename) >= 5 and length($filename) <= 29);
error BAD_FILE unless ($filename =~ /^[a-z0-9]/);
error DUPE_NAME if (-e $filename);

# sanitize the name/title
$name = $filename if ($name eq '');
$name = sanitize_title($name);

# copy image to images directory and generate hash
my $buffer;
my $hasher = Digest::SHA->new;

open OUTFILE, ">$filename";
binmode $file;
binmode OUTFILE;

while (read($file, $buffer, 1024)) {
   print OUTFILE $buffer;
   $hasher->add($buffer);
}

close OUTFILE;
close $file;

my $file_hash = $hasher->hexdigest;
my $secure_hash = sha1_hex($file_hash . SEED);

# verify image type, dimensions, size
my ($type, $width, $height, $size) = get_image_info($filename);
if ($type ne 'GIF' and $type ne 'JPEG' and $type ne 'PNG') {
   unlink $filename;
   error BAD_FILE;
}

# generate thumbnail if necessary
my $thumbnail = $filename;
if ($width > 250 or $height > 250) {
   if (-e get_thumbname($filename)) {
      unlink $filename;
      error DUPE_NAME;
   }
   $thumbnail = make_thumbnail($filename, $type, $width, $height);
}

# make http request to low-bandwith server to update database
$name = uri_escape($name);
my @response = `$curl -s -A "$ua" -b user=$user_hash -d hash=$file_hash -d hash2=$secure_hash -d name=$name -d filename=$filename -d thumbnail=$thumbnail -d width=$width -d height=$height -d size=$size -d nws=$nws $upload`;
my $status = parse_response(@response);

if ($status eq 'okay') {
   print <<END;
Status: 302 Found
Location: $site/
Content-Type: text/html

END
exit;
}

# only reach this far if the upload did not succede
unlink $filename if (-e $filename);
unlink $thumbnail if (-e $thumbnail);

if ($status eq 'access denied') {
   error ACCESS_DENIED;
} elsif ($status eq 'bad credentials') {
   error BAD_CREDS;
} elsif ($status eq 'bad cgi') {
   error BAD_CGI;
} elsif ($status eq 'dupe file') {
   error DUPE_FILE;
} elsif ($status eq 'dupe name') {
   error DUPE_NAME;
} else {
   error -1;
}
